(a) Define cryptanalysis and list cryptanalysis attacks.

Illustrate and explain any

one of these cryptanalysis attacks.
(b) Distinguish between a Feistel and a non-Feistel block cipher.
(c) Compare and contrast the five modes of operation used in modern block
ciphers.
(d) Explain the difference of document/fingerprint and message/message digest.
Discuss and illustrate the integrity checking process.
(e) Discuss about the challenge-response authentication and explain the way of
authentication using keyed-hash functions

(a) Define three security goals and give a reason the importance of these goals with
an example. List the security services which have been defined in ITU-T
(X.800).
(b) Which methods can be used to perform the ciphertext-only attack and how to
prevent these methods?
(c) Distinguish between avalanche effect and the completeness.
(d) Can asymmetric key cryptography replace the need of symmetric key
cryptography? Explain why or why not.
(e) Discuss about the two types of forgery in digital signature.

Define cryptanalysis and list cryptanalysis attacks. Illustrate and explain any one of
these cryptanalysis attacks.
Cryptanalysis
 As cryptography is the science and art of creating secret codes, cryptanalysis
is the science and art of breaking those codes.
 The study of cryptanalysis techniques is needed, not to break other people’s
codes, but to learn how vulnerable the cryptosystem is.

Brute-Force Attack (Exhaustive-Key-Search)

 Eve tries to use all possible keys.
 Assume that Eve knows the algorithm and knows the key domain.
 Using the intercepted cipher, Eve decrypts the ciphertext with every possible
key until the plaintext makes sense.
 To prevent this type of attack, the number of possible keys must be very large.
 (a) Distinguish between a Feistel and a non-Feistel block cipher.
Feistel Ciphers and Non Feistel Cipher
Modern block ciphers are all product ciphers, but they are divided into two classes.
Feistel ciphers
 It can have three types of components: self-invertible, invertible, and
noninvertible.
e.g. DES
 A Feistel cipher combines all noninvertible elements in a unit and uses the
same unit in the encryption and decryption algorithms.
 The mixer in the Feistel design is self-invertible.

Non-Feistel ciphers
 The ciphers use only invertible components.
 E.g. AES
 A component in the encryption cipher has the corresponding component in the
decryption cipher.
 There is no need to divide the plaintext into two halves.

( c )Compare and contrast the five modes of operation used in modern block ciphers.
(d) Explain the difference of document/fingerprint and message/message digest.
Discuss and illustrate the integrity checking process.
Message Integrity
Difference
 The two pairs (document/fingerprint) and (message/message digest) are
similar, with some differences.
 The document and fingerprint are physically linked together.
 The message and message digest can be unlinked (or sent) separately, and,
most importantly, the message digest needs to be safe from change.

Checking Integrity
 To check the integrity of a message, or document, we run the cryptographic
hash function again and compare the new message digest with the previous
one.
 If both are the same, the original message has not been changed.

(e) Discuss about the challenge-response authentication and explain the way of
authentication using keyed-hash functions
Challenge Response Authentication
 The claimant proves that she knows a secret without sending it to the verifier.
 The challenge is a time-varying value sent by the verifier.
 The response is the result of a function applied on the challenge.
 In challenge-response authentication, the claimant proves that she knows a
secret without sending it to the verifier.
 Several approaches to challenge-response authentication use symmetric-key
encryption.

Keyed-hash functions

A keyed-hash function (MAC) is used.

It is used to create a challenge response with a timestamp.
It preserves the integrity of challenge and response messages and at the same time
uses a secret, the key.
Bob
Alice
(verifier)
(claimant)
Alice-Bob’s secret key

Alice, T, h( + T)

(a) Define three security goals and give a reason the importance of these goals
with an example. List the security services which have been defined in ITU-T
(X.800).
Security Goals

Confidentiality Integrity Availability

Confidentiality
 To be secured, information needs to be hidden from unauthorized access.
 An organization needs to guard against those malicious actions that endanger
the confidentiality of its information.
 Confidentiality not only applies to the storage of the information, it also
applies to the transmission of information.

Integrity
 Information needs to be changed constantly.
 Information needs to be protected from unauthorized change.
 Integrity means that changes need to be done only by authorized entities and
through authorized mechanisms.
  Integrity violation is not necessarily the result of a malicious act; an
interruption in the system, such as a power surge, may also create unwanted
changes in some information

Availability
 Information needs to be available to an authorized entity when it is needed.
 The information created and stored by an organization needs to be available to
authorized entities.
 Information needs to be constantly changed, which means it must be
accessible to authorized entities.

( b )Which methods can be used to perform the ciphertext-only attack and how to
prevent these methods?
Ciphertext-Only Attack
 Eve has access to only some ciphertext (assume that Eve knows the algorithm
and can intercept the ciphertext).
 She tries to find the corresponding key and the plaintext.
 It is the most probable attack because Eve needs only the ciphertext for this
attack.
 To thwart the decryption of a message by an adversary, a cipher must be very
resisting to this type of attack.

( c) Distinguishbetween avalanche effect and the completeness.

Avalanche Effect
Avalanche effect means a small change in the plaintext (or key) should create a
significant change in the ciphertext.
DES has been proved to be strong with regard to this property.

Completeness Effect
Completeness effect means that each bit of the ciphertext needs to depend on many
bits on the plaintext.
The diffusion and confusion produced by P-boxes and S-boxes in DES, show a very
strong completeness effect.
(d) Can asymmetric key cryptography replace the need of symmetric key
cryptography? Explain why or why not.
Asymmetric-Key Cryptography (Need for both)
 The advent of asymmetric key (public-key) cryptography does not eliminate
the need for symmetric-key (secret key) cryptography.
 The reason is that asymmetric-key cryptography, which uses mathematical
functions for encryption and decryption, is much slower than symmetric-key
cryptography.
 For encipherment of large messages, symmetric-key cryptography is still
needed.
 On the other hand, the speed of symmetric-key cryptography does not
eliminate the need for asymmetric-key cryptography.
 Asymmetric-key cryptography is still needed for authentication, digital
signatures, and secret-key exchanges.
 This means that both symmetric-key and asymmetric-key cryptography are
needed.
 One complements the other.

(e) Discuss about the two types of forgery in digital signature.

Existential Forgery
 Eve may be able to create a valid message-signature pair, but not one
that she can really use.
 A document has been forged, but the content is randomly calculated.
 Her message could be syntactically or semantically unintelligible.
Selective Forgery
 Eve may be able to forge Alice’s signature on a message with the
content selectively chosen by Eve.
 Probability of such forgery is low, but not negligible.

5. (a) Discuss about the need of entity authentication and describe the
simplest and oldest method in entity authentication.
Entity Authentication
 A technique designed to let one party prove the identity of another party.
 The entity whose identity needs to be proved is called the claimant;
 The party that tries to prove the identity of the claimant is called the verifier.
 An entity can be a person, a process, a client, or a server.

Passwords-based Authentication
 The simplest and oldest method of entity authentication.
 The password is something that the claimant knows.
 Authentication schemes divided into two groups: the fixed password and the
one-time password.
 Fixed Password
 A password that is used over and over again.
 This type of authentication is the use of an ATM card with a personal
identification number.
 One-Time Password
  A password that is used only once.
It makes eavesdropping and salting useless.

(b) Explain and illustrate about the Kerberos authentication protocol in details.
Kerberos Authentication Protocol
 Kerberos is an authentication protocol and a KDC.
 It is developed by the Massachusetts Institute of Technology (MIT).
 Kerberos has separated user verification from the process of issuing tickets
that allow the user to access different servers.
 Goals of Kerberos are Authentication, Authorization, and Accounting.

Three servers are involved in the Kerberos protocol.

 Authentication Server (AS) is the KDC in the Kerberos protocol.
 The AS verifies the user, issues a session key to be used between Alice
and the TGS, and sends a ticket for the TGS.
 Ticket-Granting Server (TGS) issues a ticket for the real server (Bob).
 It also provides the session key (KAB) between the user and the real
server. (Getting a Ticket )
 Real Server (Bob) provides services for the user (Alice).
 Kerberos is designed for a client-server program, such as FTP, in
which a user uses the client process to access the server process.

6. (a) Discuss and Illustrate the differences of Message Authentication

Code (MAC) and Modification Detection Code.
Modification Detection Code
 It is a message digest that can prove the integrity of the message.

Message Authentication Code (MAC)

 To ensure the integrity of the message and the data origin authentication.
 The difference between a MDC and a MAC is that the second includes a secret
between Alice and Bob.

(c) Explain the possible attacks types of digital signature. What can happen when
the attack is successful in digital signature?
Attacks on Digital Signature
Attack Types
Key-Only Attack (ciphertext-only attack)
 Eve has access only to the public information released by Alice.
 To forge a message, Eve needs to create Alice’s signature to convince
Bob that the message is coming from Alice.
Known-Message Attack (known-plaintext attack)
 Eve has access to one or more message-signature pairs.
 Eve has access to some documents previously signed by Alice.
 Eve tries to create another message and forge Alice’s signature on it.
Chosen-Message Attack (chosen-plaintext attack )
 Eve makes Alice sign one or more messages for her.
 Eve now has a chosen-message/signature pair.
 Eve later creates another message and forges Alice’s signature on it.
 If the attack is successful, the result is a forgery.
 Two types of forgery:
Existential Forgery
 Eve may be able to create a valid message-signature pair, but not one
that she can really use.
 A document has been forged, but the content is randomly calculated.
 Her message could be syntactically or semantically unintelligible.
Selective Forgery
 Eve may be able to forge Alice’s signature on a message with the
content selectively chosen by Eve.
 Probability of such forgery is low, but not negligible.